php + sql search

Mark Fowler mark at
Thu Oct 31 16:08:56 GMT 2002

On Thu, 31 Oct 2002, Robin Garbutt wrote:

> $result = mysql_query("SELECT * FROM db WHERE name LIKE '%$name%'", $db);

A side issue... Not that I really use PHP (tending to use a lot of Perl to
do that kind of thing) but don't you have to do something to protect $name
at this point instead of just string interpolating, in case someone puts in
a "'" inside of it (in which case they can break your code/cause serious


(who really should learn more PHP)

s''  Mark Fowler                                         mark at
';use Term'Cap;$t=Tgetent Term'Cap{};print$t->Tputs(cl);for$w(split/  +/
){for(0..30){$|=print$t->Tgoto(cm,$_,$y)." $w";select$k,$k,$k,.03}$y+=2}
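
The quoting problem raised in the reply above, shown as an added example that is not part of the original thread: the interpolated query from the quoted line next to a bound-parameter version. It assumes PDO with an in-memory SQLite database in place of the thread's `mysql_query` and MySQL; the rows, the function names and the `!` escape character are constructed for illustration.

```php
<?php
// Added example: constructed data, in-memory SQLite via PDO (assumption;
// the original post used the old mysql_* API against MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE db (name TEXT)");
$pdo->exec("INSERT INTO db (name) VALUES ('Pat O''Brien'), ('Robin'), ('100% Mark')");

// Original pattern: $name is interpolated into the SQL text, so a quote
// inside it ends the string literal early and the statement no longer parses.
function search_interpolated(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM db WHERE name LIKE '%$name%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the value is bound as a parameter and is never parsed as SQL.
// LIKE wildcards in the input are escaped so "%" and "_" match literally.
function search_bound(PDO $pdo, string $name): array
{
    // Escape the escape character first, then the two LIKE wildcards.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $name);
    $stmt = $pdo->prepare("SELECT name FROM db WHERE name LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a plain substring, a name containing a quote,
// and a bare LIKE wildcard.
foreach (["Rob", "O'Brien", "%"] as $name) {
    try {
        $rows = search_interpolated($pdo, $name);
        echo "interpolated [$name]: ", json_encode($rows), "\n";
    } catch (PDOException $e) {
        echo "interpolated [$name]: query failed: ", $e->getMessage(), "\n";
    }
    echo "bound        [$name]: ", json_encode(search_bound($pdo, $name)), "\n";
}
```

With the quote-containing input the interpolated query raises a syntax error while the bound query returns the matching row; with a bare `%` the interpolated query matches every row and the bound query matches only the name that contains a literal percent sign.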
